by njt 1841 days ago
> GPG exists, and no one has really proposed good solutions

[...]

> if you're going to complain please work towards solving the issue

Perhaps because you are asking the wrong question: "PGP/GPG is old, broken, and insecure, what is an exact drop-in replacement that I can substitute for it?"

Instead, the question should be: "PGP/GPG is old, broken, and insecure, what is a replacement for [this specific thing I am trying to accomplish with it]?"

So what are you trying to do with GPG? Sign a package? Encrypt a file? Store a backup? Transfer a file? Send a message? There are plenty of modern, secure solutions for these.

I know. I am aware of the appropriate questions and some (most) of their answers. But these things still do not seem to get adopted. Best I've seen is a few projects pick up signify. Signal is OK I guess, but still does not solve a lot of things a decentralized system can.

People always join these conversations to namedrop projects to sound smart and security conscious, apparently not having tried to integrate them into their existing workflows.

> these things still do not seem to get adopted

If I understand your comment correctly, the reason you are using an old, insecure, and broken tool is because the secure replacement is not as widely used?

Are you looking for some specific percentage of the population to adopt it? What is that threshold?

> Signal is OK I guess, but still does not solve a lot of things a decentralized system can.

Serious question: what problem does a decentralized tool that old, insecure, and broken solve that you would use it instead of one that is secure but "centralized"?

> People always join these conversations to namedrop projects to sound smart and security conscious

I can't judge other people's motivation for mentioning PGP/GPG alternatives, but the projects they mention certainly fit the criteria for being secure replacements. Are you going to disregard their answers because you have deemed their motivations unfit?

> apparently not having tried to integrate them into their existing workflows.

If you could explain your specific PGP/GPG workflow, perhaps someone might be able to suggest something to replace it.

Bunch of straw questions, I don't care to answer them. Answer your own pointless questions.

> Bunch of straw questions, I don't care to answer them. Answer your own pointless questions.

By "straw question", you are implying that I replaced your argument with a false one.

In the upstream comments, you agreed that PGP/GPG is broken and insecure. We have no difference of opinion there. You then stated that the reason you still continue to use it is because a) the alternatives are not getting adopted and b) are not decentralized. You also c) questioned the motives of people suggesting the alternatives, and d) stated that they have not used them in existing workflows.

All of these are things _you_ stated; I was careful to quote each point you made as I responded to them.

If I misstated your position or replaced it with a straw man, feel free to point out where I did that and I'll gladly correct myself.

GPG is broken and insecure‽

And old. See the many comments and articles posted in this thread to that effect.